Welcome to Texas justice: You might beat the rap, but you won't beat the ride.

Thursday, April 05, 2012

More Kafka than Orwell: Police databases and negligent error

This morning, I read an excellent law-review article (no, not entirely an oxymoron) from Erin Murphy at NYU titled "Databases, Doctrine, and Constitutional Criminal Procedure," found via CrimProf Blog, related to a subject that comes up now and again on Grits: The way databases and their usually unintentional inaccuracies can create constitutional liberty violations for which the US Supreme Court in Herring v. United States (2009) ruled the exclusionary rule inapplicable. In Herring, the court held that "When police mistakes leading to an unlawful search are the result of
isolated negligence attenuated from the search, rather than systemic
error or reckless disregard of constitutional requirements, the
exclusionary rule does not apply."

In that case,the defendant was arrested because of an error in a police database, and a search incident to arrest yielded drugs and a gun, which the Supreme Court said should not be excluded from evidence. Murphy's piece offers one of the best big-picture analyses on the implications of that decision vis a vis computer databases that this writer has seen, though it should be said the Texas Court of Criminal Appeals already had created the same exception to our statutory exclusionary rule years before. Anyway, suffice it to say the same issues arise in Texas state and federal law.

Murphy emphasizes a point I think very few people, even (perhaps especially) those working in the system, ever consider: Eighteenth-century constitutional restrictions in the Bill of Rights which are supposed to regulate modern police conduct were written decades before the first professional police department was ever created, even in London, much less the United States, and use of modern databases in law enforcement has transformed the profession in radical ways just since the turn of the 21st century. Here's a bit of a lengthy excerpt providing some of that little-discussed history:

The criminal justice system's reliance on databases is both old and new. As many know, the formal, organized, public police first emerged as a concept around 1829, when Robert Peel organized the London bobbies. The first detective unit in the United States was formed shortly after in 1846 in Boston, at a time when tracking down criminals largely remained a private sector gig. Dominated by companies such as the (in)famous Pinkertons, the unit's work consisted largely of pounding the pavement (and suspects). Indeed, many of the modem tools of detecting -- "[s]ophisticated criminal investigation techniques-well-organized crime records systems, fingerprints, crime labs -- did not appear until the twentieth century." Even Alphonse Bertillion's pioneer anthropometrical system of identification in the late 1800s depended largely upon manual recording and comparison of measurements.

The first primitive databases emerged around the same time, at the turn of the century. For instance, as early as 1919, the California State Bureau of Identification introduced a punch-card system for storing and retrieving modus operandi information. But perhaps the watershed moment of government databasing occurred in the early 1930s, around the time that J. Edgar Hoover opened the Federal Bureau of Investigation's first criminal evidence laboratory, which included fingerprint processing capacities, hair, blood, and firearm analysis. As part of the new emphasis on forensic science, FBI implemented its first fingerprint database-a card sorter that capitalized on the technology created to tabulate the census and that led to the formation of IBM."

Just a little over a decade later, the development of the mainframe computer in 1946 and the replacement of punch cards with magnetic tape significantly advanced databasing possibilities,' but it remained a largely primitive technology. By as late as 1984, the federal fingerprint database the most advanced forensic database available-still depended primarily on manual recording and retrieval. At best, it served as an efficient means of organizing cards for retrieval, rather than for generating leads or links. Linking two fingerprints required manual comparison of an unknown scene sample with, for instance, the 23 million criminal cards on file with the FBI.'

The 1980s, however, initiated a period of rapid change. Personal computers became commonly available. Law enforcement began to recognize and harness the potential of electronic storage and retrieval. And then, remarkably, the Internet was born. Connectivity became possible in ways previously unimagined, and storage capacity reached new heights. The foundations for the modem criminal justice databases had been set.

The first truly modern, searchable databases, says Murphy, most prominently the one for fingerprints (AFIS), didn't appear till 1999, but they've quickly proliferated. These databases have transformed law enforcement, Murphy argues. Instead of developing suspicion, then using data held by law-enforcement to confirm, today suspicion is often developed based on the databases themselves, whether or not the information is accurate.

Why might that be a concern? Writes Murphy: "The true risk is a leaping-to-conclusions, or confirmation bias. It is the fear that the individual will be sucked into a morass of suspicion from which escape is arduous or impossible - Kafka's The Trial, not Orwell's Big Brother." You can't cross-examine a database and often the information they contain comes from many different, frequently untraceable sources that may not be correct or complete.

In Texas this is a particularly salient issue because many jurisdictions have a bad habit of reporting arrests to the statewide data system but fail to report the outcome of the cases. So if someone is arrested and charged with a crime but charges are later dismissed, the dismissal doesn't always make it into the system. The Governor's office recently threatened to withhold federal grant money from counties that don't quickly improve their data entry rates for dispositions in older cases.

The above history, writes Murphy, makes "two points abundantly clear: first, that there are an enormous number of databases in the criminal justice system, and second, that the database, as it exists today, has really only been around for ten or so years. Any person who has witnessed the past fifteen years of technological advancement knows, without reading a law review article, that online databases have transformed modem life. Yet surprisingly few changes have occurred in actual constitutional doctrine in response to widespread databasing."

Databases don't just record information like putting them in a file drawer but instead transform it, she argues:

the import and the impact of a database occurs less with regard to the moment of the information's acquisition than with all the moments that then may follow. Indeed, acquisition may not represent any kind of threat to individual liberty or privacy at all. Recall the criminal records database at issue in Reporters Committee [an early SCOTUS database-related case] - there, the Court acknowledged that the true significance of the database was not its contents, which were all technically a matter of public record, but the act of compiling and rendering that information accessible in a particular way.

For the most part, though, says Murphy, US courts have not applied or created constitutional doctrines to regulate law enforcement database use, but instead most cases focus on statutory interpretation in narrow, individual cases. Murphy argues that databases, by their nature, require structural instead of individualized, case-by-case oversight:

it is arguably impossible to regulate databases substantively - to truly inquire whether a particular series of tests or entries or searches were accurate, fair, and correct. But it is much easier to impose procedural requirements upon databases-to inquire into the existence and thoroughness of protocols for those processes and to presume inadequate or defective any database system maintained without them. Certain structural devices are demonstrably effective in minimizing mistakes, and with greater attention, others would be uncovered. A constitutional doctrine that looks for the signs of good management-think scrutiny of policies for access controls, or regular audits, or blind tests-is far more likely to improve database deployments in society than one that attempts to determine whether a database has failed or not in a case-specific context.

In her view:

regulation of databases require constitutional criminal procedure to focus less upon deliberate or intentional abuses of power than upon unintentional omissions, or mere benign neglect. There is always the risk that a malfeasant actor will corrupt or exploit a database system, to be sure. But constitutional regulation of databases aimed at ferreting out intentional harms will be very thin indeed; it is far easier to do harm, and far greater harm can be done, through mere benign neglect of database systems than through intentional manipulation.

The split among the Justices in Herring starkly illustrate this distinction. The majority viewed the sole purpose of the exclusionary rule to be deterrence and concluded that applying the rule yielded little deterrent benefit with regard to a negligent recordkeeping error. In contrast, Justice Ginsburg in dissent argued that more than marginal deterrence was possible, in the specific context of database entry, even when the complained of error constituted mere negligence in care.

If the exclusionary rule won't apply to negligent database errors, then there needs to be some other deterrent. Historically, civil liability is the other, obvious legal recourse, but police officers are immune from liability for most negligent, on the job errors. Otherwise, the only other option (and an entirely unsatisfying one) is a special-interest driven patchwork of database-by-database restrictions in statutes or agency rules created over time, which is precisely what we have now.

A more profound understanding of how databases are transforming law enforcement will inevitably require similarly transformative constitutional doctrines that the courts have so far refused to articulate, argues Murphy:

rather than follow an industrial age model reliant upon physical acquisition, constitutional doctrine would transition to an information age approach based on knowledge, creation, and dissemination. Such attentiveness would offer more effective safeguards around the creation and utilization of databases, and be responsive to concerns about insufficient auditing structures and function creep. Viewed as living, evolving organisms rather than as static repositories of discrete bits of information, the lawfulness and constitutionality of a database would more closely correspond to its actual use and deployment.

Grits wanted to raise these questions in some depth because, since federal and state courts have punted on the issues, governance of law-enforcement databases for the time being now falls almost exclusively to the states, or to the agencies operating the databases when the states eschew that responsibility. So it'd be appropriate, at this point, to see statutory regulation of law enforcement databases step up over the next few years to fill in the vacuum, probably driven both by episodic scandal and growing demands by the public for protection of electronic privacy. Murphy has performed a mitzvah by outlining the complexities of the problem and articulating underlying principles, if not specific details, for potential reforms.

5 comments:

Anonymous
said...

I have a case (in a neighboring state) where the police based their arrest on googling the defendant. I argue that unofficial databases/internet with no 'indicia of reliability' are not sufficient to creat probable cause. We'll see if it becomes an appeal issue.

In my case, the police said "the internet" (they could not be more specific) indicated that client might be a felon -- and they had found a firearm in the car. They stated they chose *not* to use NCIC because it was "too much hassle."

In addition, the cops (who have recently gotten official Ipads) are apparently using google, facebook, etc. to make decisions about who to stop, etc. For example, the extension of a traffic stop to ask about gang involvement because the guy had a photo on his facebook page that "might have been him throwing gang signs."

This stuff is coming up fast, let's hope the courts will at least attempt to put a cork in it.

Scott,Since the exclusionary rule does not apply in instances of data entry errors,what then stops DPS from entering warrants into their database for anyone or everyone so they can claim a valid reason to stop and then claim later in court that it was a data entry error and the evidence should come in? Shouldn't the errors of DPS be used against them (exclude evidence at the very least and maybe lawsuit for false arrest) just as the mistakes of civilians are used against them?

Definitely not a new problem. My nurse and her husband were pulled over for a minor traffic stop; he was arrested for an "open DWI warrant". Of course, that case was long closed after he'd paid a fine and spent 90 days in jail--nobody bothered to remove it from the database. Of course, no apology or compensation for the night in jail, etc.

But my main fear has long been employment difficulties caused for folks by erroneous "criminal background check" databases.

My only hope is that with more and more things being criminalized, more and more people will be affected by law enforcement excesses and cause a sea-change in our world of Kafka and Orwell.

And yet the vast majority of time the official databases are used, they are used correctly and without flaws. Were the problems eluded to frequent and common, more reform would be needed but the courts recognize this infrequency of error (and act accordingly).

As far as the use of social media in law enforcement, why is the use of such so problematic as a tool to investigate? If someone wants to portray a thug on their Facebook page, making claims of criminal activity, showing gang signs, and presenting themselves as dangerous, that is their choice, not that of some LEO. Is it that different from wearing established gang attire, acting in a certain manner, and otherwise elevating community awareness of your criminal status in "real life", then finding you have generated enough reasonable suspicious for the police to investigate?

GfB Writer Bios

Subscribe by email

Support Grits via Donation

Donate to Grits via PayPal. Grits is a hobby, but donations help cover newspaper subscriptions, periodic travel, open records fees, etc.. Donate if you can! When I have resources, the blog can do more stuff!

"I always tell people interested in these issues that your blog is the most important news source, and have had high-ranking corrections officials tell me they read it regularly."

- Scott Medlock, Texas Civil Rights Project

"a helluva blog"

- Solomon Moore, NY Times criminal justice correspondent

"Congrats on building one of the most read and important blogs on a specific policy area that I've ever seen"

- Donald Lee, Texas Conference of Urban Counties

GFB "is a fact-packed, trustworthy reporter of the weirdness that makes up corrections and criminal law in the Lone Star State" and has "shown more naked emperors than Hans Christian Andersen ever did."

-Attorney Bob Mabry, Conroe

"Grits really shows the potential of a single-state focused criminal law blog"

- Corey Yung, Sex Crimes Blog

"I regard Grits for Breakfast as one of the most welcome and helpful vehicles we elected officials have for understanding the problems and their solutions."

Tommy Adkisson,Bexar County Commissioner

"dude really has a pragmatic approach to crime fighting, almost like he’s some kind of statistics superhero"

- Rob Patterson, The Austin Post"Scott Henson's 'Grits for Breakfast' is one of the most insightful blogs on criminal justice issues in Texas."

- Texas Public Policy Foundation

"Nobody does it better or works harder getting it right"

David Jennings, aka "Big Jolly"

"I appreciate the fact that you obviously try to see both sides of an issue, regardless of which side you end up supporting."

Kim Vickers,Texas Commission on Law Enforcement Officer Standards and EducationGrits for Breakfast "has probably broken more criminal justice stories than any TX reporter, but stays under the radar. Fascinating guy."

Maurice Chammah,The Marshall Project"unrestrained and uneducated"

John Bradley,Former Williamson County District Attorney, now former Attorney General of Palau

"our favorite blog"

- Texas District and County Attorneys Association Twitter feed"Scott Henson ... writes his terrific blog Grits for Breakfast from an outhouse in Texas."